Skip to content

Fix missing return value check in EVP_PKEY_sign_init#199

Closed
toddr-bot wants to merge 1 commit into
cpan-authors:mainfrom
toddr-bot:koan.toddr.bot/fix-sign-init-return-check
Closed

Fix missing return value check in EVP_PKEY_sign_init#199
toddr-bot wants to merge 1 commit into
cpan-authors:mainfrom
toddr-bot:koan.toddr.bot/fix-sign-init-return-check

Conversation

@toddr-bot
Copy link
Copy Markdown
Contributor

@toddr-bot toddr-bot commented May 26, 2026
edited
Loading

What

Check EVP_PKEY_sign_init(ctx) == 1 instead of bare truthiness in sign() on OpenSSL 3.x.

Why

THROW(EVP_PKEY_sign_init(ctx)) treats any non-zero return as success. OpenSSL EVP init functions return 1 on success but can return negative values on error (-2 = not supported). A negative value is truthy in C, so the code would silently proceed past a failed init. The verify() function already checks == 1 correctly at line 1518 — this brings sign() into consistency.

How

One-character change: THROW(EVP_PKEY_sign_init(ctx))THROW(EVP_PKEY_sign_init(ctx) == 1).

Testing

Full test suite passes. The bug is unlikely to trigger in practice (EVP_PKEY_sign_init returns 1 for RSA keys), but the code is technically wrong and inconsistent with verify().

🤖 Generated with Claude Code

Quality Report

Changes: 1 file changed, 1 insertion(+), 1 deletion(-)

Code scan: clean

Tests: passed (OK)

Branch hygiene: clean

Generated by Kōan post-mission quality pipeline

@toddr-bot @claude
Fix missing return value check in EVP_PKEY_sign_init
2cdab83 
THROW(EVP_PKEY_sign_init(ctx)) treats any non-zero return as success,
including negative error codes (-2 = operation not supported). The
verify() path already checks == 1 correctly; bring sign() in line.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@toddr-bot
Copy link
Copy Markdown
Contributor Author

toddr-bot commented May 27, 2026

Note: PR #191 now includes this fix. The THROW(EVP_PKEY_sign_init(ctx))if (!EVP_PKEY_sign_init(ctx)) goto err; replacement in #191 had the same bare-truthiness bug this PR fixes. I've pushed a commit to #191 that uses EVP_PKEY_sign_init(ctx) != 1 instead.

If #191 is merged first, this PR becomes redundant. If this PR is merged first, #191 will pick up the != 1 form during its rebase.

@toddr-bot
Copy link
Copy Markdown
Contributor Author

toddr-bot commented May 27, 2026

Note: This fix is fully subsumed by #191, which replaces all THROW() calls in the 3.x code paths (including this EVP_PKEY_sign_init line) with explicit if (... != 1) goto err checks. #191 also eliminates the now-unused error variable that THROW required.

If #191 is merged first, this PR can be closed. If you prefer this smaller scoped fix first, #191 will need a trivial rebase on the sign() hunk.

@toddr-bot
Copy link
Copy Markdown
Contributor Author

toddr-bot commented May 27, 2026

Closing — this fix is subsumed by PR #191, which replaces all THROW macros in sign() with explicit != 1 checks (including the EVP_PKEY_sign_init call this PR targets). #191 is the more comprehensive fix.

@toddr-bot toddr-bot closed this May 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@toddr-bot